Threat actors are individuals or groups that pose a risk to organizations, including those in high-value sectors like healthcare. These criminals tend to target the healthcare sector for several reasons, including high-value data, operational pressure to restore systems quickly, and the fear of regulatory consequences for failing to protect patient data.
A threat actor is any individual or group responsible for initiating cyberattacks aimed at exploiting vulnerabilities in a system or network. The actors range from lone hackers to sophisticated, organized groups and even state-sponsored entities. Their motivations are diverse: some pursue financial gain through activities like ransomware attacks, while others are driven by ideology or politics.
In NIST SP 800-150, a threat actor is described as being, “...persistent, motivated, and agile, and they use a variety of tactics, techniques, and procedures (TTPs) to compromise systems, disrupt services, commit financial fraud, and expose or steal intellectual property and other sensitive information.”
The skills and resources of threat actors vary widely. Some rely on basic techniques like mass phishing, while others craft more targeted attacks such as zero-day exploits or tailored social engineering. Whatever the method, threat actors are an immense risk to critical sectors like healthcare, where data is especially sensitive.
The following is based on the HHS report on the Types of Cyber Threat Actors that Threaten Healthcare.
One of the most active ransomware groups targeting healthcare. First discovered in mid-2022, the financially motivated group operates under a Ransomware-as-a-Service (RaaS) model. It has been known to deploy complex ransomware that sometimes requires a unique 32-character password, making it difficult for security researchers to analyze and contain.
Cl0p, a Russia-linked ransomware group, has been active since 2019. It has targeted organizations with revenues exceeding $5 million, and its attacks have included a mass breach of over 130 organizations. Known for its sophisticated malware and encryption techniques, Cl0p has been linked to some of the largest healthcare breaches impacting protected health information (PHI).
Royal, a threat actor that emerged in 2022 and is believed to be composed of experienced cybercriminals from the Conti group, uses a 64-bit executable written in C++ to encrypt files on Windows systems, appending the “.royal” extension. The group's notable attacks include US telecoms and UK racing circuits.
Threat actors often target healthcare organizations and their employees to exploit weaknesses in email security. Since email remains one of the most popular forms of communication within healthcare, any breach of an email account can result in unauthorized access to or theft of PHI. The risk comes from multiple attack vectors, such as phishing, credential stuffing, or malware that compromises email systems.
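As an added illustration (not part of the original article), the following Python sketch shows what two of those vectors, credential stuffing and single-account brute force, look like in a mail server's authentication log and how a defender might tell them apart. The log lines and their format are constructed for this example; real products log differently, so the regular expression and thresholds would need adapting.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample auth log. The format is an assumption made for this
# example (timestamp, result, user=, ip=); it is not the log format of any
# real mail product. One source IP (203.0.113.7) fails against five
# different accounts and then logs into a sixth: the shape of credential
# stuffing. A second source (198.51.100.9) hammers one account: brute force.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z FAIL user=alice@clinic.example ip=203.0.113.7
2024-03-01T09:00:02Z FAIL user=bob@clinic.example ip=203.0.113.7
2024-03-01T09:00:02Z FAIL user=carol@clinic.example ip=203.0.113.7
2024-03-01T09:00:03Z FAIL user=dave@clinic.example ip=203.0.113.7
2024-03-01T09:00:03Z FAIL user=erin@clinic.example ip=203.0.113.7
2024-03-01T09:00:04Z OK   user=frank@clinic.example ip=203.0.113.7
2024-03-01T09:01:10Z FAIL user=alice@clinic.example ip=198.51.100.9
2024-03-01T09:01:11Z FAIL user=alice@clinic.example ip=198.51.100.9
2024-03-01T09:01:12Z FAIL user=alice@clinic.example ip=198.51.100.9
2024-03-01T09:02:00Z OK   user=grace@clinic.example ip=192.0.2.55
"""

LINE_RE = re.compile(r"^(\S+)\s+(OK|FAIL)\s+user=(\S+)\s+ip=(\S+)$")


def parse(log: str) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, result, user, ip) tuples, skipping malformed lines."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groups())
    return events


def detect_credential_stuffing(log: str, min_users: int = 5) -> Dict[str, dict]:
    """Flag source IPs that fail against at least `min_users` *distinct*
    accounts. The spread across accounts is what separates credential
    stuffing (replayed leaked username/password pairs) from brute force on
    one account. Any account that *succeeded* from the same IP is reported
    as probably compromised: that is the alert to act on first."""
    fail_users = defaultdict(set)
    fail_count = defaultdict(int)
    ok_users = defaultdict(set)
    for _ts, result, user, ip in parse(log):
        if result == "FAIL":
            fail_users[ip].add(user)
            fail_count[ip] += 1
        else:
            ok_users[ip].add(user)
    findings = {}
    for ip, users in fail_users.items():
        if len(users) >= min_users:
            findings[ip] = {
                "distinct_users": len(users),
                "failures": fail_count[ip],
                "compromised_accounts": sorted(ok_users[ip]),
            }
    return findings


def detect_single_account_bruteforce(
    log: str, min_failures: int = 3
) -> Dict[Tuple[str, str], int]:
    """Flag (ip, user) pairs with at least `min_failures` failed logins."""
    counts = defaultdict(int)
    for _ts, result, user, ip in parse(log):
        if result == "FAIL":
            counts[(ip, user)] += 1
    return {k: v for k, v in counts.items() if v >= min_failures}


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(f"credential stuffing from {ip}: {info}")
    for (ip, user), n in detect_single_account_bruteforce(SAMPLE_LOG).items():
        print(f"brute force from {ip} against {user}: {n} failures")
```

On the constructed log, the first detector reports 203.0.113.7 with five distinct failed accounts and one success (frank@clinic.example), which is the account to lock and investigate; the second reports three failures from 198.51.100.9 against alice@clinic.example. The thresholds are arbitrary and must be tuned to the environment, and per-IP counting is defeated by stuffing distributed across many source addresses, so in practice this logic is paired with rate limits, MFA, and checks of credentials against known breach corpora.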
HIPAA compliant email is one of the strongest defenses in a healthcare provider's arsenal against these threats. Platforms like Paubox encrypt email so that providers have assurance that PHI is protected, without giving up the convenience that makes email so popular.
The Health Insurance Portability and Accountability Act (HIPAA) is a law designed to protect the security and privacy of a person's health information.
A cyberattack is an attempt by hackers or malicious actors to damage, steal, or disrupt digital systems, networks, or data.
The black market is the illegal trading of goods and services that are prohibited by law or conducted outside government regulations.